Sneaker's Stub – The Grey Stuff!

Attacking DNS

DNS stands for Domain Name System. I have already written an article on how to extract information from DNS (DNS Reconnaissance). Now I’m going to tell you about DNS attacks. There are many types of attacks you can perform on DNS servers in order to break them, but before that you need to know the vulnerabilities or configuration issues that could be present in the Domain Name Server. There are several ways to find DNS vulnerabilities. But first, let’s take a look at the possible ways to attack DNS servers:

Denial of Service Attacks (DoS)

Distributed Denial of Service Attacks (DDoS)

Application-Level Buffer Overflow

Cache Poisoning

DNS Hijacking

Denial of Service (DoS): DoS attacks mostly exploit weaknesses in the architecture of the DNS protocol and generally occur in the following forms:

DNS request Flooding

DNS response Flooding

DNS recursive Flooding

Distributed Denial of Service Attack: Also known as a DNS amplification attack or SMURF attack, this is based on ICMP requests that the attacker sends. In this attack the attacker uses a botnet that he has built. The attacker sends an ICMP request to the network broadcast address of a router configured to relay ICMP to all the devices behind the router. He has many zombie machines under his control, through which he sends DNS requests, and the load is so great that the DNS server crashes. I found a very good article describing this and thought I would share it with you rather than writing my own stuff –> Here’s the link. To check whether a DNS server is vulnerable to DDoS, here’s a link that tells you how it is done: link.

Buffer Overflow: BIND (Berkeley Internet Network Daemon) is a UNIX-based DNS daemon which is vulnerable to a buffer overflow attack. Versions below 4.9.8 are vulnerable to such an attack. A patch is available, but the vulnerability can still be found on some unpatched servers.

Cache Poisoning: The job of DNS is to convert URLs (which are well understood by us) into IP addresses for further processing. So DNS maps a URL to its corresponding IP address and then sends the information back to you. DNS servers store the mapping information in a file. But have you ever wondered what would happen if the mapping file were changed to point to a malicious IP address? This is what is called cache poisoning. This vulnerability was disclosed by Dan Kaminsky, who described it further in his Black Hat conference talk.

DNS Hijacking: DNS hijacking is done by redirecting a user to a malicious site instead of a legitimate one. DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.

I am not giving you tutorials here because you can find them on any website if you search Google. DNS is one of the most important parts of the internet. We use it daily, and you should have good knowledge about it. Whether you’re a good hacker or a bad one, you should have proper knowledge of DNS systems. If you want me to put up a tutorial, I’ll be putting it up later. Th